[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Revised Pre-Shared and Public Key Sig modes??
The Main Mode exchanges for Pre-Shared keys (HASH_x) or Public Key
Signatures (SIG_x) are:
Initiator Responder
HDR, SA -->
<-- HDR, SA
HDR, KE, Ni -->
<-- HDR, KE, Nr
HDR*, IDii, [HASH_I | SIG_I] -->
<-- HDR*, IDir, [HASH_R | SIG_R]
Is there any reason why 1/2 a round trip could be not eliminated by
having Revised versions of these modes such that):
HDR, SA -->
<-- HDR, SA, KE, Nr
HDR, KE, Ni -->
<-- HDR*, IDir, [HASH_R | SIG_R]
HDR*, IDii, [HASH_I | SIG_I] -->
Since the responder has selected a single proposal, he knows what
Diffie-Hellman group is being used so he can generate the correct
Diffie-Hellman payload and it does cut out 1/2 a round trip.
I'll write up a draft add these as new authentication methods
unless someone convinces me this would be a bad idea.
--
Matt Thomas Internet: matt@ljo.dec.com
AltaVista Internet Software WWW URL: <coming eventually>
Digital Equipment Corporation Disclaimer: This message reflects my own
Littleton, MA warped views, etc.
Follow-Ups: